Hi Dave, I'd also surround _all_ of the places where you display user input with htmlEditFormat(), as it's kind of open for HTML monkeying (leading to XSS attacks).

-Joe

On 5/31/05, Joe Rinehart <[EMAIL PROTECTED]> wrote:
> I'd go through your whole app and implement CFQueryparam, shut off
> robust exception information, and implement a sitewide error handler.
> I've found places that expose SQL that shows where injection is
> possible.
>
> -Joe
>
> On 5/31/05, dave <[EMAIL PROTECTED]> wrote:
> > like that has a chance in hell but the real page has video controls and
> > mute button
> >
> > ~Dave the disruptor~
> > This bottle of lemonade says "contains no lemon juice"
> > and the can of Pledge says "contains real lemon juice"
> > figures @%*((&%
> >
> > ----------------------------------------
> > From: "Michael T. Tangorre" <[EMAIL PROTECTED]>
> > Sent: Tuesday, May 31, 2005 7:48 AM
> > To: CF-Talk <[email protected]>
> > Subject: RE: anyone bored?
> >
> > > From: dave [mailto:[EMAIL PROTECTED]
> > > and wanna help go thru a site and find bugs?
> > > There isn't a lot there but mostly concerned with the
> > > shopping cart (it's in test mode, cc won't be charged) and cross
> > > browser issues and just general feedback.
> > > It's for www.icandfashion.com, if you are up to it lemme
> > > know and I will send u link off list
> >
> > Yikes, I would ditch the sound on the homepage at the link above.
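The three fixes Joe recommends (cfqueryparam, htmlEditFormat(), a sitewide error handler with robust exception info turned off) side by side with the patterns they replace. This is an added illustration, not code from anyone on the thread or from the site under discussion; the datasource variable, the `products` table, its columns, the `url.id` and `form.customerName` fields, and the `error.cfm` file name are all assumed.

```cfml
<!--- Added example. Table, column, field and file names below are assumed. --->

<!--- BEFORE: url.id is concatenated into the SQL text, so a crafted value
      alters the statement instead of being treated as data. --->
<cfquery name="getProduct" datasource="#application.dsn#">
    SELECT productID, productName, price
    FROM   products
    WHERE  productID = #url.id#
</cfquery>

<!--- AFTER: cfqueryparam sends the value as a typed bind parameter; a value
      that is not an integer is rejected before the statement runs. --->
<cfquery name="getProduct" datasource="#application.dsn#">
    SELECT productID, productName, price
    FROM   products
    WHERE  productID = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- BEFORE: a form field echoed verbatim lets any markup or script the
      visitor submitted render as part of the page. --->
<cfoutput><p>Welcome back, #form.customerName#</p></cfoutput>

<!--- AFTER: htmlEditFormat() escapes <, >, & and " so the value is displayed
      as text rather than parsed as HTML. --->
<cfoutput><p>Welcome back, #htmlEditFormat(form.customerName)#</p></cfoutput>

<!--- Sitewide error handler, in Application.cfm: any unhandled exception is
      routed to error.cfm (assumed name). "Enable Robust Exception Information"
      is a ColdFusion Administrator setting under Debugging & Logging, not
      something set in code; switch it off there so stack traces and the
      failing SQL never reach the browser. --->
<cferror type="exception" template="error.cfm">

<!--- error.cfm (assumed name): keep the diagnostic detail in the server log
      and show the visitor only a generic message. --->
<cflog file="application" type="error"
       text="#error.message# | #error.diagnostics# | #error.template#">
<cfoutput><p>Sorry, something went wrong. Please try again later.</p></cfoutput>
```

The point of pairing the two settings is that cfqueryparam closes the injection path while the error handler and the Administrator setting close the information leak Joe mentions: with robust exception info on, a failed query reports the full SQL and the database error to whoever triggered it, which is exactly how the exposed statements he found became visible.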

